This article explains how to secure APIs using an SSL certificate.
It is assumed that readers know how to set up APIs on the API gateway.
- Configure the API at the API gateway.
- Create an application and associate the API with the application.
- Refer to the link to create an API
- In this case, the API configured at the API gateway is “b2binboundchannel”
- SSL certificate and private key
Configure Certificate at nginx
- Because the API Gateway is layered with nginx, the certificate must also be configured at the nginx level.
- Validate the SSL ciphers configured at the API Gateway and at the partner side.
- The ciphers at both ends must match for a transaction to succeed.
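The cipher comparison in the step above can be scripted before go-live. This added example, which is not from the original article, expands two OpenSSL-format cipher strings (the format nginx's `ssl_ciphers` directive takes) and lists the pre-TLS 1.3 suites that both sides enable. The function names and sample strings are constructed for illustration, and the partner's list is assumed to be in OpenSSL format as well.

```python
import ssl


def expand(cipher_string):
    """Expand an OpenSSL cipher string into the concrete suites it enables.

    The result depends on the local OpenSSL build, so run this on a host
    whose OpenSSL is comparable to the gateway's.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        # The string selects no usable suite (typo or unsupported cipher).
        return []
    # OpenSSL configures TLS 1.3 suites separately and always lists them
    # here, so drop them to compare only what the cipher string controls.
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def common_suites(gateway_ciphers, partner_ciphers):
    """Return suites enabled on both sides, in the gateway's preference order."""
    partner = set(expand(partner_ciphers))
    return [name for name in expand(gateway_ciphers) if name in partner]


if __name__ == "__main__":
    # Constructed sample values, not taken from the article.
    gateway = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
    partner = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256"
    shared = common_suites(gateway, partner)
    if shared:
        print("Shared suites:", ", ".join(shared))
    else:
        print("No shared suite: the TLS handshake would fail below TLS 1.3")
```

An empty result means the two configurations have no pre-TLS 1.3 suite in common and one side's cipher list needs to change before testing.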
Configure Certificate at API Gateway
- Log in to the API gateway
- Create the application at API Gateway
- Import the public certificate
- In this case, a self-signed certificate is uploaded to the application.
Configure the policy
- Open the API
- Navigate to policies.
- Click on Identify & Access policy.
- Select Identify & Authorize Application.
- Select SSL Certificate and select the registered application from the application lookup drop-down menu.
Test Using Postman Client
- Configure the certificates in the Postman client.
Verify the logs at API Gateway
- Navigate to the API gateway
- Open the API; in this case, it is b2binboundchannel
- Navigate to the Analytics tab
- The transaction log shows the details of the certificate that was sent along with the request.